In all libraries SWFUpload (126.96.36.199, probably earlier versions + version Beta), Plupload of the version is lower 1.5.4(?) is found by XSS (in SWFUpload) and CSRF (in Plupload) vulnerability!
Hash sum vulnerable file swfupload.swf
Hash sum file bugfixed swfupload.swf:
You can report any specific issues with SWFUpload to there site as we do not work with or code there application. the issue was reported months ago
If you are really worried about it all I can tell you to do is turn off the flash uploader.
what kills me is I search for externalinterface as that function from reading on the net is buggy and say this issue they respond to yet the one posted above months ago they do not.
More research but it appears to me your not going to see a fix for SWFUpload anytime soon. That flash uploader is a free source project and the last gold release was over 3 years ago.
|All times are GMT -5. The time now is 04:23 AM.|
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0